[Pdns-users] PowerDNS and CNAMEs

Rune Sørensen rune at falcon.io
Fri Jul 21 14:21:11 UTC 2017


OK, dig outputs using the actual domain.
Also, a bit more info on the setup:
We have a PowerDNS server running on our local network handling the flcn.io
domain
We also have flcn.io in Cloudflare DNS, for authorizing SSL certs with
Let's Encrypt

----
test1.flcn.io - CNAME in PowerDNS pointing to A record in PowerDNS. No
record in Cloudflare
Works as expected

~# dig CNAME test1.flcn.io

; <<>> DiG 9.11.1-P3 <<>> CNAME test1.flcn.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9810
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test1.flcn.io.                 IN      CNAME

;; ANSWER SECTION:
test1.flcn.io.          60      IN      CNAME   localhost.flcn.io.

;; Query time: 0 msec
;; SERVER: 10.255.0.3#53(10.255.0.3)
;; WHEN: Fri Jul 21 13:37:16 UTC 2017
;; MSG SIZE  rcvd: 73



~# dig A test1.flcn.io

; <<>> DiG 9.11.1-P3 <<>> A test1.flcn.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34653
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test1.flcn.io.                 IN      A

;; ANSWER SECTION:
test1.flcn.io.          56      IN      CNAME   localhost.flcn.io.
localhost.flcn.io.      1       IN      A       127.0.0.1

;; Query time: 0 msec
;; SERVER: 10.255.0.3#53(10.255.0.3)
;; WHEN: Fri Jul 21 13:37:20 UTC 2017
;; MSG SIZE  rcvd: 89


----
test2.flcn.io - CNAME in PowerDNS pointing to www.google.com. No record in
Cloudflare
CNAME record look up works as expected. A record look up fails

~# dig CNAME test2.flcn.io

; <<>> DiG 9.11.1-P3 <<>> CNAME test2.flcn.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63029
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;test2.flcn.io.                 IN      CNAME

;; ANSWER SECTION:
test2.flcn.io.          60      IN      CNAME   www.google.com.

;; Query time: 24 msec
;; SERVER: 10.255.0.3#53(10.255.0.3)
;; WHEN: Fri Jul 21 13:37:27 UTC 2017
;; MSG SIZE  rcvd: 70

~# dig A test2.flcn.io

; <<>> DiG 9.11.1-P3 <<>> A test2.flcn.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54281
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test2.flcn.io.                 IN      A

;; Query time: 0 msec
;; SERVER: 10.255.0.3#53(10.255.0.3)
;; WHEN: Fri Jul 21 13:37:32 UTC 2017
;; MSG SIZE  rcvd: 42


----
test3.flcn.io - CNAME record in PowerDNS pointing to www.amazon.com. CNAME
record in Cloudflare pointing to bbc.co.uk
CNAME lookup works as expected. A record lookup gets the record from
Cloudflare

~# dig CNAME test3.flcn.io

; <<>> DiG 9.11.1-P3 <<>> CNAME test3.flcn.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42909
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;test3.flcn.io.                 IN      CNAME

;; ANSWER SECTION:
test3.flcn.io.          60      IN      CNAME   www.amazon.com.

;; Query time: 22 msec
;; SERVER: 10.255.0.3#53(10.255.0.3)
;; WHEN: Fri Jul 21 13:37:41 UTC 2017
;; MSG SIZE  rcvd: 70

~# dig A test3.flcn.io

; <<>> DiG 9.11.1-P3 <<>> A test3.flcn.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18384
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test3.flcn.io.                 IN      A

;; ANSWER SECTION:
test3.flcn.io.          16      IN      CNAME   bbc.co.uk.
bbc.co.uk.              16      IN      A       212.58.246.78
bbc.co.uk.              16      IN      A       212.58.246.79
bbc.co.uk.              16      IN      A       212.58.244.22
bbc.co.uk.              16      IN      A       212.58.244.23

;; Query time: 20 msec
;; SERVER: 10.255.0.3#53(10.255.0.3)
;; WHEN: Fri Jul 21 13:37:48 UTC 2017
;; MSG SIZE  rcvd: 129


----
test4.flcn.io - No records in PowerDNS. A CNAME record in Cloudflare
pointing to www.google.com.
Works as expected (no records found, since looking in PowerDNS)

~# dig CNAME test4.flcn.io

; <<>> DiG 9.11.1-P3 <<>> CNAME test4.flcn.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23113
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;test4.flcn.io.                 IN      CNAME

;; AUTHORITY SECTION:
flcn.io.                60      IN      SOA     ns1.flcn.io. hostmaster.falcon.io. 1500646426 10800 3600 604800 3600

;; Query time: 23 msec
;; SERVER: 10.255.0.3#53(10.255.0.3)
;; WHEN: Fri Jul 21 14:15:51 UTC 2017
;; MSG SIZE  rcvd: 100

~# dig A test4.flcn.io

; <<>> DiG 9.11.1-P3 <<>> A test4.flcn.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46486
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;test4.flcn.io.                 IN      A

;; AUTHORITY SECTION:
flcn.io.                60      IN      SOA     ns1.flcn.io. hostmaster.falcon.io. 1500646426 10800 3600 604800 3600

;; Query time: 19 msec
;; SERVER: 10.255.0.3#53(10.255.0.3)
;; WHEN: Fri Jul 21 14:15:56 UTC 2017
;; MSG SIZE  rcvd: 100



*Rune Tor Sørensen*
Site Reliability Engineer

On Fri, Jul 21, 2017 at 12:07 PM, Aki Tuomi <cmouse at cmouse.fi> wrote:

>
>
> On 21.07.2017 15:04, Rune Sørensen wrote:
>
> Hey gurus.
>
> I have a strange issue with CNAME records that I hope you can help me
> solve, or at least clarify why it is like this.
>
> I have a CNAME, service.my-domain.com, pointing to host.other-domain.com.
> Now, if the A record for host.other-domain.com is managed by my PowerDNS,
> this works fine.
> If, on the other hand, host.other-domain.com is hosted by a third party,
> the recursor functionality of PowerDNS seems strange. Instead of trying to
> resolve host.other-domain.com on the upstream server, it tries to resolve
> the original request, i.e. service.my-domain.com.
>
> Is this expected behaviour? Or have I botched my configuration somehow?
>
> *Rune Tor Sørensen*
> Site Reliability Engineer
>
> Can you send some dig outputs?
>
> Aki
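The differences between the CNAME and A lookups in the dig outputs of this message (the missing `aa` flag, the empty A answer for test2, the different alias target for test3) can be checked mechanically. The following is an added example, not part of the original thread: a Python sketch that parses dig's text output and compares the two lookups. The function names and finding labels are assumptions, and the samples are trimmed from the output in the message.

```python
import re

def parse_dig(text):
    """Extract status, header flags and answer records from dig's text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and line.strip() and not line.startswith(";"):
            name, _ttl, _cls, rtype, rdata = line.strip().split(None, 4)
            answers.append((name, rtype, rdata))
        else:
            in_answer = False  # blank line or next section ends the answers
    return {"status": status, "aa": "aa" in flags, "answers": answers}

def compare(cname_out, a_out):
    """List inconsistencies between a CNAME lookup and an A lookup of one name."""
    c, a = parse_dig(cname_out), parse_dig(a_out)
    c_targets, a_targets = ({r[2] for r in d["answers"] if r[1] == "CNAME"} for d in (c, a))
    findings = []
    if c["aa"] != a["aa"]:
        findings.append("aa-mismatch")         # the two answers came from different sources
    if c_targets and a["status"] == "NOERROR" and not a["answers"]:
        findings.append("chain-not-followed")  # alias exists but the A lookup is empty
    if c_targets and a_targets and c_targets != a_targets:
        findings.append("target-mismatch")     # the lookups disagree on the alias target
    return findings

# Samples trimmed from the dig output in the message (header, flags, answers only).
TEST2_CNAME = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63029
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
test2.flcn.io.          60      IN      CNAME   www.google.com."""
TEST2_A = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54281
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1"""
TEST3_CNAME = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42909
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
test3.flcn.io.          60      IN      CNAME   www.amazon.com."""
TEST3_A = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18384
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
test3.flcn.io.          16      IN      CNAME   bbc.co.uk.
bbc.co.uk.              16      IN      A       212.58.246.78"""

if __name__ == "__main__":
    print("test2:", compare(TEST2_CNAME, TEST2_A))
    print("test3:", compare(TEST3_CNAME, TEST3_A))
```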